-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21594/#review46404
-----------------------------------------------------------

Ship it!

This is looking very good! A few style nits to address. Everything else LGTM.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81783>

    Style nits:

    return Error(
        "Unexpected format from host ip_local_port_range: " + value.get());


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81785>

    Ditto.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81786>

    Ditto.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81787>

    Style nits. Would you please move this line down?

    return Error(
        "Network Isolator is given ephemeral ports of size: " + ...);


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81788>

    Do not capitalize "of executor "


src/slave/containerizer/isolators/network/port_mapping.hpp
<https://reviews.apache.org/r/21594/#comment81764>

    You don't need this as the default constructor will be used.


src/slave/containerizer/isolators/network/port_mapping.hpp
<https://reviews.apache.org/r/21594/#comment81765>

    Insert a blank line here.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81767>

    We can kill the local variable here by doing:

    if (os::namespaces().count("net") == 0) {
      ...
    }


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81766>

    Style nits:

    return Error(
        "Using network isolator requires network namespace. "
        "Make sure your kernel is newer than 3.4");


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81769>

    I would suggest reverting the variable name here. The name 'shell' is not as explicit as 'checkCommandTc'.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81768>

    Stick to style guide.
    We put '+' at the end:

    return Error(
        "Check command 'tc' failed: non-zero exit code:" +
        shell.get());


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81770>

    Please add a comment to explain what this piece of code is doing:

    // Obtain the host ephemeral port range by reading 'ip_local_port_range' in /proc.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81771>

    Stick to style guide. We put '!=' at the end:

    if (roundDownToPowerOfTwo(flags.per_container_ephemeral_port_size) !=
        flags.per_container_ephemeral_port_size) {
      ...
    }


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81773>

    Stick to style guide:

    return Error(
        "Network Isolator failed to find a public interface: " + eth0.error());


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81774>

    Ditto.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81775>

    Ditto.

    return Error(
        "Failed to get the public IP of " + eth0.get() + ": " +
        (hostIP.isError() ? hostIP.error() : "does not have an IPv4 address"));

    Also, remove the trailing spaces (you can run a style checker before submitting the patch).


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81776>

    ditto.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81777>

    Style issue. Move '+' to the end.

    return Failure(
        "Failed to create an ICMP packet filter from host " + eth0 +
        " to " + veth(pid) + ": " + icmpEth0ToVeth.error());


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81778>

    Style issue:

    return Failure(
        "The ICMP packet filter on host " + eth0 + " already exists");


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81779>

    Ditto.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81780>

    Ditto.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81781>

    Ditto.


src/slave/containerizer/isolators/network/port_mapping.cpp
<https://reviews.apache.org/r/21594/#comment81782>

    Ditto.


- Jie Yu


On June 20, 2014, 12:13 a.m., Chi Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21594/
> -----------------------------------------------------------
>
> (Updated June 20, 2014, 12:13 a.m.)
>
>
> Review request for mesos, Ian Downes, Jie Yu, Vinod Kone, and Cong Wang.
>
>
> Bugs: https://issues.apache.org/jira/browse/MESOS-1324
>
>
> Repository: mesos-git
>
>
> Description
> -------
>
> Added a network isolator using port-range based traffic redirection on Linux.
>
> - Containers are assigned non-ephemeral ports by the scheduler and ephemeral
>   ports by the network isolator.
> - Virtual ethernet devices and Traffic Control filters are set up so that
>   network traffic in and out of the containers is isolated based on the ports
>   assigned to them.
> - Containers run inside their own network namespaces with separate network
>   stacks, from which per-container network statistics can be retrieved.
>
> A joint work with:
> - Cong Wang ([email protected])
> - Jie Yu ([email protected])
> - Ian Downes ([email protected])
>
>
> Diffs
> -----
>
>   include/mesos/mesos.proto 2f6be05
>   src/Makefile.am b1b7d2d
>   src/launcher/main.cpp b497e98
>   src/slave/constants.hpp c65a62d
>   src/slave/constants.cpp 51f65bb
>   src/slave/containerizer/isolators/network/port_mapping.hpp PRE-CREATION
>   src/slave/containerizer/isolators/network/port_mapping.cpp PRE-CREATION
>   src/slave/containerizer/linux_launcher.cpp 85c74f0
>   src/slave/containerizer/mesos_containerizer.cpp 61c0a8d
>   src/slave/flags.hpp 3b8ba08
>   src/slave/main.cpp 8c2b70c
>   src/tests/environment.cpp 21b9d1d
>   src/tests/mesos.cpp 1037420
>
> Diff: https://reviews.apache.org/r/21594/diff/
>
>
> Testing
> -------
>
> make check on linux. more test cases are being written.
>
>
> Thanks,
>
> Chi Zhang
>
>
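
Added example, not part of the review or of the Mesos patch: the start-up checks the comments above refer to (parsing the host 'ip_local_port_range' and requiring a power-of-two per-container ephemeral port size), written as stand-alone C++. Every function body, the names parseLocalPortRange and validate, the error strings, the sample values, and the requirement that the container and host ephemeral ranges be disjoint are assumptions made for this example.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>

struct PortRange { uint32_t begin; uint32_t end; };  // inclusive interval

// Parse ip_local_port_range content: two decimal ports separated by whitespace.
bool parseLocalPortRange(const std::string& value, PortRange* out)
{
  std::istringstream in(value);
  uint32_t begin = 0, end = 0;
  std::string extra;
  if (!(in >> begin >> end) || (in >> extra)) return false;  // wrong field count
  if (begin == 0 || end > 65535 || begin > end) return false;
  *out = PortRange{begin, end};
  return true;
}

// Largest power of two <= x (0 for x == 0); written here, not the Mesos helper.
uint32_t roundDownToPowerOfTwo(uint32_t x)
{
  if (x == 0) return 0;
  uint32_t p = 1;
  while (p <= x / 2) p *= 2;
  return p;
}

// Returns "" when the settings are acceptable, otherwise the reason they are not.
std::string validate(const std::string& hostText, PortRange containers, uint32_t size)
{
  PortRange host;
  if (!parseLocalPortRange(hostText, &host))
    return "unexpected format from host ip_local_port_range";
  if (size == 0 || roundDownToPowerOfTwo(size) != size)
    return "per-container ephemeral port size is not a power of two";
  if (containers.begin > containers.end ||
      containers.end - containers.begin + 1 < size)
    return "container ephemeral range cannot hold one container";
  // Assumption of this example: the two ranges must not share any port.
  if (containers.begin <= host.end && host.begin <= containers.end)
    return "container ephemeral ports overlap the host ephemeral range";
  return "";
}

int main()
{
  // Constructed sample values, not taken from the review.
  std::string why = validate("57345\t61000\n", PortRange{32768, 57344}, 1024);
  std::cout << (why.empty() ? "ok" : why) << std::endl;
  return 0;
}
```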
